Page 902 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

operation, design, and management. The concept is based on the
theory that the complexities of a traditional network with on-device
configuration (i.e., routers and switches) often force an organization to
stick with a single device vendor, such as Cisco, and limit the flexibility
of the network to adapt to changing physical and business conditions.
SDN aims at separating the infrastructure layer (i.e., hardware and
hardware-based settings) from the control layer (i.e., network services
of data transmission management). Furthermore, this also removes
the traditional networking concepts of IP addressing, subnets, routing,
and the like from needing to be programmed into or be deciphered by
hosted applications.

SDN offers a new network design that is directly programmable from a
central location, is flexible, is vendor neutral, and is open standards
based. Using SDN frees an organization from having to purchase
devices from a single vendor. It instead allows organizations to mix
and match hardware as needed, such as to select the most cost-effective
or highest throughput–rated devices regardless of vendor.
The configuration and management of hardware are then controlled
through a centralized management interface. In addition, the settings
applied to the hardware can be changed and adjusted dynamically as
needed.

Another way of thinking about SDN is that it is effectively network
virtualization. It allows data transmission paths, communication
decision trees, and flow control to be virtualized in the SDN control
layer rather than being handled on the hardware on a per-device basis.

Another interesting development arising out of the concept of
virtualized networks is that of a virtual SAN (storage area network). A
SAN is a network technology that combines multiple individual
storage devices into a single consolidated network-accessible storage
container. A virtual SAN or a software-defined shared storage system
is a virtual re-creation of a SAN on top of a virtualized network or an
SDN.